New York Dam Hacked by Iran, Report Says

Iranian hackers infiltrated the computer system at a small dam in a quiet village 20 miles from New York City in 2013, according to a report on Monday.

The hackers are said to have snooped for information about the dam in Rye Brooke, N.Y. and examined its control system, but ultimately did nothing, Wall Street Journalsaid, citing people who have knowledge of the incident.

The hack was part of a broader attempt by Iranian hackers to infiltrate corporate networks and access sensitive information, according to the report. The U.S. government learned of the attack at the 20-foot-tall Bowman Avenue Dam after analyzing Internet traffic coming from Iran.

The Homeland Security Department, FBI, and the NSA all declined to comment about the specific claims. But S.Y. Lee, a spokesman for the DHS, told Fortune that the government agency coordinates “national efforts to strengthen the security and resilience of critical infrastructure, working with our federal and industry partners across the country to raise awareness about evolving threats and promote measures to reduce risks to systems we all rely on.” Lee added the DHS has teams that specifically respond to threats against industrial control systems.

Dam control systems, like the one hacked in Rye Brooke, are a worrisome target in the ongoing global cyber battles. Much of the nation’s critical infrastructure, including the power grid, is connected online.

The U.S. government has warned that security used to protect such infrastructure is often outdated, insecure, and therefore, easy to hack. After gaining access, hackers can turn off power, prevent systems from shutting down, overheat computers and servers, and interfere with a dam’s operations.

Earlier this year, the DHS revealed the extent of the problem by saying that its Industrial Control Systems Cyber Emergency Response Team responded to 245 “incidents” during the fiscal year ending in February. Those incidents targeted manufacturing, energy, nuclear, transportation, and water facilities, the agency said.

The DHS reported that the attacks were most often aimed at “economic espionage and reconnaissance.” Over half of those attacks were conducted by “sophisticated actors” that had the ability to install malware, scan and probe the networks, and launch specific attacks. Other cases were attributed to criminals, insider threats, and so-called “hacktivists,” people who hack into computer systems as part of a broader cause.

The DHS does not say where those attacks come from because, in many cases, it’s difficult to determine from where they originate since hackers use anonymizing technologies to hide their identities and locations. But hackers working on behalf of various countries have allegedly been involved for years.

In 2012, for example, then-Defense Secretary Leon Panetta said that Iran was one of the most prolific hackers, targeting everything from government systems to company networks. U.S. officials have also accused China of frequent attacks along with Russia, which was said to have gained access to the White House network including the President’s daily schedule. Last year, North Korea hackers allegedly attacked Sony Pictures before the premiere of The Interview starring Seth Rogen as a journalist on a mission to kill the country’s leader, Kim Jong Un.

WATCH: For more about government-sponsored hacking, check out the following Fortune video:

Similarly, the U.S. is accused of breaching China’s networks and may have briefly shut down North Korea’s Internet connectivity following The Interview dust up. It’s also believed that the U.S. and Israel conducted a joint operation in 2010 using the cyberweapon Stuxnet to immobilize the Natanz Iranian nuclear facility.

Like its counterparts, the U.S. government has declined to comment about those alleged breaches.

Earlier this year, in his most direct comments on the issue, President Obama said in a speech at the National Cybersecurity Communications Integration Center that cyber threats pose “one of the most serious economic and national security challenges we face as a nation,” and acknowledged that hacking is ongoing.

“Foreign governments, criminals and hackers probe America’s computer networks every single day,” he said. “Moreover, much of our critical infrastructure—our financial systems, power grids, pipelines, health care systems—run on networks connected to the Internet. So this is a matter of public safety and of public health.”

SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.

The trouble, however, is actually securing that infrastructure. According to John Kindervag, a security expert at Forrester, most of the U.S. infrastructure that is connected to the Internet is poorly protected.

“There are many technologies that are Internet-enabled but not secured,” says Kindervag. “Apparently the control systems around this dam might be an example of that. This type of report is not surprising given that many technologies are just giving Internet access without thinking about the consequences of that access.”

Ben FitzGerald, director of the technology and national security program at the Center for a New American Security, told Fortune that it was especially “noteworthy” that the alleged Iranian hackers “appeared to prove, not execute an attack.”

“This shows an implied norm that theft or destruction of data is not as significant as causing physical destruction via cyber means,” he says.

Finding a solution isn’t simple. Hackers are growing more sophisticated, and, as President Obama noted in a speech earlier this year, it’s impossible for just the government or the private sector to safeguard every control system.

“Neither government, nor the private sector can defend the nation alone,” he said. “It’s going to have to be a shared mission—government and industry working hand in hand, as partners.”

The President added that “the government and the private sector are still not always working as closely together as we should.” In some cases, he said that companies don’t want to admit they’ve been hacked and in others, it’s too difficult to work with the government to address the issues.

In other words, successful hacking continues with no sign of slowing down. And along the way, those hackers may create more havoc than a simple dam breach may suggest.

“We want cyber criminals to feel the full force of American justice, because they are doing as much damage, if not more, these days as folks who are involved in more conventional crime,” President Obama said.

SPONSORED FINANCIAL CONTENT

You May Like

Read More

Sign Up for Our Newsletters

Sign up now to receive FORTUNE's best content, special offers, and much more.